What is Application Whitelisting?
Application white listing is the ability to guarantee that only safe, approved applications are allowed to execute. It is a practical and realistic approach to how files are controlled on a computer. It focuses on the files that are already present and verified.

Application Whitelisting aims to ensure that only specifically selected programs and software libraries (DLLs) are allowed to be executed, while all others are prevented from execution. This comprises the following steps :

How is Application Whitelisting advantageous as compared to Anti-Virus solutions?
Application white listing is the ability to guarantee that only safe, approved applications are allowed to execute. It is a practical and realistic approach to how files are controlled on a computer. It focuses on the files that are already present and verified.

Application Whitelisting aims to ensure that only specifically selected programs and software libraries (DLLs) are allowed to be executed, while all others are prevented from execution. This comprises the following steps :

How is the white-list created and updated? How does it identify the application?
A white-list can be created by scanning folders or drives. When using this “scanning” function all the executable files in the folder or drive will be added to the white-list. Once set up, automated delivery mechanisms or specified users can add or update applications without requiring further IT approval. Once the white-list is completed, the system will enter into a protected state. Each executable is uniquely identified typically by file name, file size, file path, and hash.

How does the white-list adjust itself for different requirements of each user?
You can maintain single white-list to control your whole company, or have a different one for every department, or have white-list for each computer. For the agent based solution, an administrator could install software from a CD and the white list would automatically be updated with all the executables.

What happens if an approved application is targeted by malware?
The approved application’s hash is stored along with the trust certificate. Any change on a file will imply a complete change to the file’s hash. This breaks the file’s digital signature, preventing it from being executed.

Precautions:

  • Make sure the computer is clean before installing any solution. If malware is already present, the solution will readily white-list it and allows it to run.
  • Routine maintenance of white-list needs to be done on priority.
  • Make sure the solution covers both executables and software libraries. An omission of either can compromise white-listing security.
  • White-listed executables must be identified by other means rather than merely filename or directory location. Henceforth, malware cannot trivially masquerade as legitimate software.

About Bit9

Bit9 Parity is a leading Application Whitelisting solution that ensures the integrity of endpoints and the technical infrastructure supporting the business.

Bit9 Parity features:

  • Discovers all applications running on endpoints,
  • Evaluates a trust factor and performance against security policy,
  • Makes real-time allow/block decisions on running application programs based on the organization’s software policies.
  • Uses the software registry, a locally installed management server and client to enforce software policies throughout the enterprise.
  • Assess the sensitivity of your business data: More sensitive the data, greater is the priority on the robustness and security of the solution.
  • I want to protect data that sits on my users’ PCs and laptops: Go for token-based solutions offering boot protection and disk encryption requiring token to boot a computer or decrypt protected data.
  • I need to implement a secure physical access solution: Go for token solutions that enable integration with physical access systems.

How can we help you?
Our team of experts guides you to choose the most appropriate solution that is able to provide proper security to your organization generating maximum ROI in the effect. We have partnered with Bit9 Parity; a leader in Application Whitelisting. Our solutions team is well versed in usage and deployment of Bit9 Parity and have successfully deployed for many of our clients with a high rate of satisfaction.

Our Partners

Previous Solution2-Factor_Authentication
Next SolutionDatabase Activity Monitoring